O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CompTIA Advanced Security Practitioner (CASP) CAS-003

Video Description

18+ Hours of Video Instruction

More than 18 hours of video instruction to prepare you for the new CASP CAS-003 exam.

Overview
The CompTIA Advanced Security Practitioner (CASP) CAS-003 Complete Video Course is an engaging, self-paced video training solution that provides learners with 18 hours of personal, visual instruction from expert trainer Michael J. Shannon. Through the use of topic-focused instructional videos, you will gain an in-depth understanding of each objective in the CompTIA CASP CAS-300 exam as well as a deeper understanding of advanced security principles.

This title covers every key topic in the exam, including risk management, enterprise security architecture, enterprise security operations, technical integration of enterprise security, research, development, and collaboration. Michael Shannon also includes demos throughout the training so you can see first hand how to approach real-world security problems. This is the perfect training solution to learn all of the advanced security topics that appear on the test and real security knowledge and skills to help you do your work as a security practitioner. Full of live trainer discussions, hands-on demos, lightboard elaborations, and deep-dive discussions, this course covers security in a way that is easy to access and even fun.

In addition to covering every objective in the CompTIA CASP CAS-003 exam this title includes a full practice exam, module quizzes so you can test yourself throughout your training, and hands-on performance-based exercises so you have everything you need.

About the Instructor

Michael J. Shannon began his IT career when he transitioned from recording studio engineer to network technician for a major telecommunications company in the early 1990s. He soon began to focus on security, and was one of the first 10 people to attain the HIPAA Certified Security Specialist. Throughout his 30 years in IT he has worked as an employee, contractor, and consultant for several companies including Platinum Technologies, Fujitsu, IBM, State Farm, MindSharp, and Skillsoft, among others. Mr. Shannon has authored several books, training manuals, published articles, and CBT modules over the years as well. He has attained the CISSP, PCNSE7, CCNP Security, ITIL Intermediate SO and RCV, and Security+ certifications in the security field.

Skill Level
CompTIA requires that anyone taking the CASP exam have 10 years of experience in IT administration, including at least 5 years of hands-on technical security experience.

Learn How To
  • Integrate network and security components, concepts, and architectures
  • Integrate security controls for host devices
  • Integrate controls for mobile and small form factor devices
  • Select software security controls
  • Conduct security assessments
  • Select the proper security assessment tools
  • Implement incident response and recovery
  • Integrate hosts, storage, and applications in the enterprise
  • Integrate cloud and virtualization technologies in the enterprise
  • Integrate and troubleshoot advanced AAA technologies
  • Implement cryptographic techniques
  • Secure communication and collaboration solutions
  • Apply research methods for trend and impact analysis
  • Implement security activities across the technology lifecycle
  • Interact across diverse business units
Who Should Take This Course
  • IT security professionals who have a minimum of 10 years of experience in IT administration, including at least 5 years of hands-on technical security experience
  • Systems/network/application security professionals who are preparing for the CASP exam
  • Any IT professional who wants to gain an advanced understanding of how to secure modern enterprises beyond the Security+ or SSCP certifications
Course Requirements
Recommended prerequisites: CompTIA Network+, Security+, CSA+, or equivalent experience

Lesson descriptions
Lesson 1, "Business and Industry Influences and Risks," covers risk management of new products, new technologies, and user behaviors as well as risks involved with new or changing business models and strategies.

Lesson 2, "Organizational Security Privacy Policies and Procedures," explores advanced organizational security and privacy policies.

Lesson 3, "Risk Mitigation Strategies and Controls," delves into advanced decisions based on confidentiality, integrity, and availability along with system-specific risk worst-case scenario analysis.

Lesson 4, "Risk Metric Scenarios for Enterprise Security," presents risk metric scenarios for enterprise security.

Lesson 5, "Integrating Network and Security Components, Concepts, and Architectures," reviews physical and virtual network and security devices along with application and protocol-aware technologies.

Lesson 6, "Integrating Security Controls for Host Devices," reviews trusted operating systems and endpoint security software.

Lesson 7, "Integrating Controls for Mobile and Small Form Factor Devices," covers enterprise mobility management, security implications, and privacy concerns of a wide array of mobile and cloud-connected devices, plus a survey of wearable technology.

Lesson 8, "Selecting Software Security Controls," examines application security design considerations along with specific application issues.

Lesson 9, "Conducting Security Assessments," examines a wide number of security assessments and types, including reconnaissance, fingerprinting, white-black-and-gray box testing as well as red and blue team penetration testing.

Lesson 10, "Selecting the Proper Security Assessment Tools," reviews network tool types like various scanners and host tool types, such as file integrity monitoring and log analysis tools along with physical security tools.

Lesson 11, "Implementing Incident Response and Recovery," covers e-discovery and data breaches along with facilitating incident detection and response.

Lesson 12, "Integrating Hosts, Storage, and Applications in the Enterprise," shows the concepts of adapting data flow security to meet changing business needs and different types of standards.

Lesson 13, "Integrating Cloud and Virtualization Technologies in the Enterprise," examines technical deployment models like outsourcing/insourcing/managed services/and partnership.

Lesson 14, "Integrating and Troubleshooting Advanced AAA Technologies," covers the topics of authentication and authorization, attestation, identity proofing and propagation, federations, and trust models.

Lesson 15, "Implementing Cryptographic Techniques," explores advanced cryptographic techniques such as digital signatures, code signing, and perfect forward secrecy.

Lesson 16, "Secure Communication and Collaboration Solutions," covers remote access and unified collaboration tools, unified communication, presence, telephony and VOIP integration, and social media.

Lesson 17, "Applying Research Methods for Trend and Impact Analysis," looks at performing ongoing research, threat intelligence investigation, researching security implications of emerging business tools, and global information assurance industry and communities.

Lesson 18, "Implementing Security Activities Across the Technology Life Cycle," reviews the systems development life cycle and software development life cycle.

Lesson 19, "Interacting Across Diverse Business Units," interprets security requirements and goals to communicate with stakeholders from other disciplines, such as sales staff, HR, and legal.

About Pearson Video Training
Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.

Table of Contents

  1. Introduction
    1. CASP: Introduction 00:01:23
  2. Module 1: Risk Management
    1. Module introduction 00:00:26
  3. Lesson 1: Business and Industry Influences and Risks
    1. Learning objectives 00:00:42
    2. 1.1 Risk Management of New Initiatives 00:14:28
    3. 1.2 Business and Industry Policies 00:11:29
    4. 1.3 Internal and External Influences 00:05:41
    5. 1.4 Impacts of De-perimiterization 00:03:57
  4. Lesson 2: Organizational Security Privacy Policies and Procedures
    1. Learning objectives 00:00:44
    2. 2.1 Policy and Process Life Cycle Management 00:04:53
    3. 2.2 Partnering with HR, Legal, and the C-Suite 00:06:05
    4. 2.3 Common Business Documentation 00:10:50
    5. 2.4 Security Requirements for Contracts 00:03:34
    6. 2.5 General Principles for Sensitive Information 00:09:42
    7. 2.6 Developing Standard Policies and Security Practices 00:18:29
  5. Lesson 3: Risk Mitigation Strategies and Controls
    1. Learning objectives 00:00:45
    2. 3.1 CIA-based Decisions for the Organization 00:14:59
    3. 3.2 System-specific Worst-case Analysis 00:15:24
    4. 3.3 Risk Determination 00:17:30
    5. 3.4 Translating Risk into Business Terms 00:13:58
    6. 3.5 Risk Treatment 00:06:23
    7. 3.6 Risk Management Proces: Overview 00:06:30
    8. 3.7 Risk Management Process: OCTAVE and ISO/IEC 31000:2009 Methodologies 00:09:10
    9. 3.8 Risk Management Process: Key Terminology 00:03:16
    10. 3.9 Business Continuity Planning 00:12:54
    11. 3.10 IT Governance and Frameworks 00:10:09
    12. 3.11 Enterprise Resilience and Continual Improvement 00:08:44
  6. Lesson 4: Risk Metric Scenarios for Enterprise Security
    1. Learning objectives 00:00:53
    2. 4.1 Reviewing Control Effectiveness 00:17:30
    3. 4.2 Reverse Engineering and Deconstruction 00:06:08
    4. 4.3 Collecting and Analyzing Metrics 00:09:30
    5. 4.4 Prototypes, Benchmarks, and Baselines 00:09:32
    6. 4.5 Analyzing Cyber Defense Trends 00:05:01
    7. 4.6 Analyzing Solution Metrics for Business Needs 00:13:33
    8. 4.7 Analyzing Solution Metrics for Business Needs: Cisco and Palo Alto Solutions 00:05:45
  7. Module 2: Enterprise Security Architecture
    1. Module introduction 00:00:30
  8. Lesson 5: Integrating Network and Security Components, Concepts, and Architectures
    1. Learning objectives 00:00:56
    2. 5.1 Physical and Virtual Network and Security Devices: Switches, Routers, and Firewalls 00:06:15
    3. 5.2 Physical and Virtual Network and Security Devices: Zone-based Policy Firewall Demo 00:21:25
    4. 5.3 Application and Protocol-aware Technologies: PAN, WAF, DAM, NIDS/NIPS 00:15:47
    5. 5.4 Application and Protocol-aware Technologies: WLAN Controllers, UTM, NAP/NAC, SIEM, Load Balancers, HAIPE/INE Devices, HSMs 00:13:35
    6. 5.5 Advanced Network Design: Cryptographic Solutions 00:09:40
    7. 5.6 Advanced Network Design: Clientless SSL VPN Demo 00:16:13
    8. 5.7 Advanced Network Design: Networking Solutions 00:16:05
    9. 5.8 Complex Solutions for Data Flow 00:12:15
    10. 5.9 Secure Configuration and SDN 00:11:18
    11. 5.10 Network Management and Montioring Tools 00:09:22
    12. 5.11 Advanced Configuration of Infrastucture Devices: Configuration and Zoning 00:14:22
    13. 5.12 Advanced Configuration of Infrastructure Devices: Routing Protocol Security Exercise 00:18:46
    14. 5.13 Advanced Configuration of Infrastructure Devices: Network-enabled Service and System Security Concerns 00:08:12
  9. Lesson 6: Integrating Security Controls for Host Devices
    1. Learning objectives 00:00:32
    2. 6.1 Implementing Trusted O/S 00:11:25
    3. 6.2 Endpoint Security Software 00:14:35
    4. 6.3 Hardening Hosts: Administrative Controls 00:11:38
    5. 6.4 Hardening Hosts: Peripheral Protection 00:10:57
    6. 6.5 Boot Loader Protections 00:06:01
    7. 6.6 Terminal Services and Application Delivery Services 00:07:27
  10. Lesson 7: Integrating Controls for Mobile and Small Form Factor Devices
    1. Learning objectives 00:00:29
    2. 7.1 Enterprise Mobility Management: MDM 00:07:24
    3. 7.2 Enterprise Mobility Management: MAM 00:12:06
    4. 7.3 Mobility Security and Privacy Concerns: Data Storage 00:06:25
    5. 7.4 Mobility Security and Privacy Concerns: Peripherals 00:16:18
    6. 7.5 Mobility Security and Privacy Concerns: Authentication 00:06:25
    7. 7.6 Wearable Technology 00:04:54
  11. Lesson 8: Selecting Software Security Controls
    1. Learning objectives 00:00:37
    2. 8.1 Application Security Design Considerations 00:01:33
    3. 8.2 Specific Application Issues: Attacks and Exploits 00:13:14
    4. 8.3 Specific Application Issues: Common Vulnerabilities 00:09:13
    5. 8.4 Specific Application Issues: Sandboxing and Firewalls 00:14:02
    6. 8.5 Client-side Processing vs. Server-side Processing 00:04:08
    7. 8.6 O/S and Firmware Vulnerabilities 00:06:35
  12. Module 3: Enterprise Security Operations
    1. Module introduction 00:00:23
  13. Lesson 9: Conducting Security Assessments
    1. Learning objectives 00:00:25
    2. 9.1 Security Assessment Methods: Strategies 00:12:15
    3. 9.2 Security Assessment Methods: Techniques 00:10:43
    4. 9.3 Security Assessment Types: Testing and Assessment 00:09:24
    5. 9.4 Security Assessment Types: Exercises 00:07:17
  14. Lesson 10: Selecting the Proper Security Assessment Tools
    1. Learning objectives 00:00:26
    2. 10.1 Scanners 00:05:43
    3. 10.2 Additional Security Assessment Tools: Overview 00:11:12
    4. 10.3 Additional Security Assessment Tools: Creating a Phishing Campaign 00:06:51
    5. 10.4 Types of Host Tools: Scanners and Crackers 00:09:35
    6. 10.5 Types of Host Tools: Monitoring and Analysis 00:05:32
    7. 10.6 Physical Security Tools 00:04:27
  15. Lesson 11: Implementing Incident Response and Recovery
    1. Learning objectives 00:00:31
    2. 11.1 E-discovery 00:05:37
    3. 11.2 Data Breach Procedures 00:10:59
    4. 11.3 Facilitating Incident Detection and Response 00:08:22
    5. 11.4 Incident and Emergency Response 00:11:41
    6. 11.5 Business Continuity and Disaster Recovery 00:08:03
    7. 11.6 Incident Response Support Tools 00:15:11
    8. 11.7 Incident or Breach Severity 00:09:07
    9. 11.8 Post-incident Response 00:02:29
  16. Module 4: Technical Integration of Enterprise Security
    1. Module introduction 00:00:34
  17. Lesson 12: Integrating Hosts, Storage, and Applications in the Enterprise
    1. Learning objectives 00:00:51
    2. 12.1 Adapting Data Flow Security 00:13:17
    3. 12.2 Data Flow Security Standards 00:06:06
    4. 12.3 Interoperability Issues 00:03:25
    5. 12.4 Resilience Issues 00:06:18
    6. 12.5 Data Security Considerations 00:04:06
    7. 12.6 Resource Provisioning and De-provisioning 00:08:20
    8. 12.7 Merger and Acquisition Design Considerations 00:04:16
    9. 12.8 Logical Network Segmentation and Diagramming 00:07:57
    10. 12.9 Security Issues with Enterprise Application Integration 00:07:45
  18. Lesson 13: Integrating Cloud and Virtualization Technologies in the Enterprise
    1. Learning objectives 00:00:40
    2. 13.1 Technical Deployment Models: Cloud/Virtualization Considerations and Hosting Options 00:12:13
    3. 13.2 Technical Deployment Models: Cloud Service Models 00:17:15
    4. 13.3 Pros and Cons of Virtualization 00:13:17
    5. 13.4 Cloud Augmented Security Services 00:10:16
    6. 13.5 Host Comingling Vulnerabilities 00:06:57
    7. 13.6 Data Security Considerations 00:04:06
  19. Lesson 14: Integrating and Troubleshooting Advanced AAA Technologies
    1. Learning objectives 00:00:25
    2. 14.1 Authentication 00:10:13
    3. 14.2 Authorization 00:06:29
    4. 14.3 Attestation, Proofing, and Propagation 00:04:27
    5. 14.4 Federation Services 00:04:57
    6. 14.5 Trust Models 00:15:32
  20. Lesson 15: Implementing Cryptographic Techniques
    1. Learning objectives 00:00:33
    2. 15.1 Cryptographic Techniques: Hashing and Signing 00:17:57
    3. 15.2 Cryptographic Techniques: Data Protection 00:12:13
    4. 15.3 Cryptographic Techniques: Encryption in Action 00:10:16
    5. 15.4 Implementing Cryptography: SSH and SSL/TLS 00:10:54
    6. 15.5 Implementing Cryptography: Application and Implementation 00:10:38
    7. 15.6 Implementing Crytography: Certificate Services 00:11:09
  21. Lesson 16: Secure Communication and Collaboration Solutions
    1. Learning objectives 00:00:30
    2. 16.1 Remote Access 00:12:40
    3. 16.2 Unified Collaboration Tools 00:06:24
  22. Module 5 Research, Development and Collaboration
    1. Module introduction 00:00:29
  23. Lesson 17: Applying Research Methods for Trend and Impact Analysis
    1. Learning objectives 00:00:30
    2. 17.1 Ongoing Research and Threat Intelligence 00:08:37
    3. 17.2 Emerging Tools and Global IA 00:06:06
  24. Lesson 18: Implementing Security Activities Across the Technology Life Cycle
    1. Learning objectives 00:00:35
    2. 18.1 Systems Development Life Cycle 00:03:40
    3. 18.2 Software Development Life Cycle: Frameworks and Code Security 00:05:39
    4. 18.3 Software Development Life Cycle: Testing and Documentation 00:04:33
    5. 18.4 Adapting Solutions for Emerging Disruptive Trends 00:07:13
    6. 18.5 Asset Management and Inventory Control 00:03:18
  25. Lesson 19: Interacting Across Diverse Business Units
    1. Learning objectives 00:00:44
    2. 19.1 Interpreting Data from Other Disciplines 00:09:10
    3. 19.2 Forming Guidance, Collaboration, and Other Committees 00:06:45
  26. Summary
    1. CASP: Summary 00:01:05